333 matches found
GHSA-R5QW-5M8Q-6774 vulnerabilities
Vulnerabilities for packages: linux-aws, linux-vmware, linux-qemu, linux-gcp, linux-azure...
GHSA-RC8C-94M4-FRFH vulnerabilities
Vulnerabilities for packages: linux-aws, linux-vmware, linux-qemu, linux-gcp, linux-azure...
GHSA-585P-9MG2-6VMM vulnerabilities
Vulnerabilities for packages: linux-aws, linux-vmware, linux-qemu, linux-gcp, linux-azure...
CVE-2026-43099 vulnerabilities
Vulnerabilities for packages: linux-aws, linux-vmware, linux-qemu, linux-gcp, linux-azure...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
GHSA-GR3R-CRP5-QRRM Compromised tag of intercom-php published via GitHub
Impact On April 30, 2026, a malicious commit was pushed to the intercom/intercom-php repository and tagged as version 5.0.2, using a compromised service account github-management-service. This occurred as part of the same supply chain attack that affected intercom-client on npm. The malicious...
GHSA-2MH5-3CW6-HRRQ Spring Cloud Config has an Authorization Bypass Through User-Controlled Key
When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config server potentially exposing secrets from unintended GCP projects. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater...
CVE-2026-40981
When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config server potentially exposing secrets from unintended GCP projects. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater...
CVE-2026-40981
When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config server potentially exposing secrets from unintended GCP projects. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater...
CVE-2026-40981
When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config server potentially exposing secrets from unintended GCP projects. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater...
VMware Spring Cloud Config 安全漏洞
VMware Spring Cloud Config is a configuration management solution for distributed systems developed by VMware, Inc. This product primarily provides server and client support for external configurations in distributed systems. There is a security vulnerability in VMware Spring Cloud Config, which...
PT-2026-38329
Name of the Vulnerable Software and Affected Versions Spring Cloud Config versions 3.1.0 through 3.1.13 Spring Cloud Config versions 4.1.0 through 4.1.9 Spring Cloud Config versions 4.2.0 through 4.2.6 Spring Cloud Config versions 4.3.0 through 4.3.2 Spring Cloud Config versions 5.0.0 through 5.0...
GHSA-GGGW-8CQ2-45CP vulnerabilities
Vulnerabilities for packages: linux-aws, linux-vmware, linux-qemu, linux-gcp, linux-azure...
CVE-2026-31626 vulnerabilities
Vulnerabilities for packages: linux-aws, linux-vmware, linux-qemu, linux-gcp, linux-azure...
CVE-2026-3259
A Generation of Error Message Containing Sensitive Information vulnerability in the Materialized View Refresh mechanism in Google BigQuery on Google Cloud Platform allows an authenticated user to potentially disclose sensitive data using a crafted materialized view that triggers a runtime error...
PT-2026-34647
A Generation of Error Message Containing Sensitive Information vulnerability in the Materialized View Refresh mechanism in Google BigQuery on Google Cloud Platform allows an authenticated user to potentially disclose sensitive data using a crafted materialized view that triggers a runtime error...
PT-2026-32955
Name of the Vulnerable Software and Affected Versions OAuth2 Proxy versions prior to 7.15.2 Description A configuration-dependent authentication bypass exists in deployments using auth request-style integration, such as nginx auth request. The issue occurs when either the --ping-user-agent variab...
GHSA-PW2V-CMFH-X2P3 vulnerabilities
Vulnerabilities for packages: linux-aws, linux-vmware, linux-qemu, linux-gcp, linux-azure...
GHSA-5R72-P4CV-H344 vulnerabilities
Vulnerabilities for packages: linux-aws, linux-vmware, linux-qemu, linux-gcp, linux-azure...
GHSA-2MVM-XGM9-R324 vulnerabilities
Vulnerabilities for packages: linux-aws, linux-vmware, linux-qemu, linux-gcp, linux-azure...